[27323] in bugtraq
XSS bug in hotmail login page
daemon@ATHENA.MIT.EDU (Peter Rdam)
Mon Oct 7 14:29:48 2002
Date: Sun, 6 Oct 2002 14:03:14 -0700
Message-Id: <200210062103.g96L3Ej19078@mail14.bigmailbox.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
Mime-Version: 1.0
From: "Peter Rdam" <hell@weedmail.com>
To: bugtraq@securityfocus.com
Good evening people,
I've found a "little (not sure)" XSS bug in the Hotmail login page; I just started to learn about XSS bugs. I didn't try too much on this, I even contacted Microsoft. They're probably very busy with counting do, or it's a harmless bug.. got no idea ;). They didn't react, and I'm pretty curious about what is possible with the bug. And I actually hope that someone can tell me about it and maybe Microsoft will do something about it.. so check it out.. the + sign is filtered out.. and hey be cool.. dunno what's possible with it.. but keep it to exploiting I would say.. Hope someone can explain what is possible with this bug.. I'm worried about my Hotmail addy security (lol)
http://lc2.law5.hotmail.passport.com/cgi-bin/login?_lang=&id=2&fs=1&cb="><script>alert(document.cookie)</script>&ct=1033054530&_setlang=
Regards,
Addic
RDMNL
P.S. Sorry for my bad English :P
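An added example, not part of the original post and not Hotmail or Passport code: the `">` at the start of the reported `cb` value suggests the parameter was echoed inside a double-quoted HTML attribute, so this sketch compares unescaped reflection, the single-character `+` filter mentioned in the post, and output encoding. The `<input>` markup and all function names are assumptions made for illustration.

```javascript
// Added illustration. The markup and every function name here are
// hypothetical; the real login page's template is not shown in the post.

// Vulnerable pattern: a query value concatenated into a quoted attribute.
function renderUnsafe(cb) {
  return '<input type="hidden" name="cb" value="' + cb + '">';
}

// Removing one character (the post notes "+" was filtered) leaves the
// characters that matter in this context, '"', '<' and '>', untouched.
function stripPlus(s) {
  return s.replace(/\+/g, '');
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Output encoding suitable for HTML text and quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened pattern: same template, value encoded at the point of output.
function renderSafe(cb) {
  return '<input type="hidden" name="cb" value="' + escapeHtml(cb) + '">';
}

// True when the rendered markup still contains a live <script> start tag.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// The cb value from the URL in the post, after URL decoding.
const reported = '"><script>alert(document.cookie)</script>';

function demo() {
  return {
    unsafe: renderUnsafe(reported),
    plusFiltered: renderUnsafe(stripPlus(reported)),
    safe: renderSafe(reported),
  };
}

console.log(demo());
```

In the first two results the value closes the attribute and the tag, so the script element becomes part of the page; in the third it stays inert text inside `value`.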